Instances of data compromise in the United States were down in the second quarter, but the good news pretty much ends there, according to information released early Wednesday by the Identity Theft Resource Center.
Cybercriminals pulled off 732 total compromises online in the second quarter, a total that was down nearly 13% from the first quarter, according to the ITRC’s reckoning. Still, the total of 1,571 cases for the first half of the year more or less maintains a pace seen last year in which 3,203 compromises were recorded. That 2023 total exceeded the number recorded in 2022 by 78%.
What criminals do with the data they harvest in these compromises also poses a disturbing question. The count of victims in these cases ran up to 1.08 million in the first half, the first time since 2018 that number has crossed the 1-million mark, according to the ITRC’s reckoning. Indeed, this year’s victim count threatens to equal or perhaps exceed the 2.23 million impacted six years ago.
“Today’s report is an analysis of the public reported data compromise notices issued so far in 2024 from official sources, media reports, company releases, and security researchers,” notes a spokesman for the ITRC, by email.
Not surprisingly, the financial sector accounts for the most compromises, followed by health care. The number of breaches in the former sector came to 407 in the first half of the year, up by two-thirds from the first six months last year. Health care, by contrast, saw a decrease in incidents to 236, compared to 377 in the first half of last year.
Cyberattacks remain criminals’ favored “attack vector,” or method, for invading and pilfering data. These attacks were found to be deployed in 1,226 attacks in the first half, with phishing and business email compromise running a distant second at 212. Unspecified vectors accounted for fully 839 incidents, the ITRC report indicates.
Wednesday’s report on data compromises follows an ITRC report released last month and covering identity theft. The topline result in the earlier report is that the number of victims of identity misuse, attempted misuse, and ID compromise dropped 16% last year, to 10,904. Likewise, the number of instances of ID crime reported in these cases dropped 11% to 13,197.
But there’s a cautionary note from the ITRC regarding the results of the earlier study: Online thieves are getting better at impersonating so-called legitimate officials, likely as a result of the introduction of generative AI technology.